More data needed on cyber risk

More data needed on cyber risk | Insurance Business

More data is needed on cyber insurance to help brokers, clients and insurers deal with the emerging risk, an expert has said.

The insurance industry has always used data and analytics in some form to aid underwriting practices and the cyber insurance market is no different. However, with loss data still lacking, Rob Collyer, underwriting development manager at Nova Underwriting, said that prices are still being impacted.

“As it is an emerging market there remains a lack of useful data to formulate accurate rating structures, hence we see varying pricing which is based on an insurer’s own experience in this space,” Collyer told Insurance Business.

As mandatory breach notification becomes a reality over the coming months, Collyer said that an increase in data and interest from businesses looking for cyber cover will have a big impact on the market.

“You only have to look to the US and the incredible growth in cyber insurance once mandatory data breach notifications laws were passed to see the next few years are going to be busy times ahead in Australia within this segment,” Collyer continued.

“We are already seeing our Lloyd’s markets build dedicated cyber teams as the need for the cover continues to accelerate.”

The changes around the Privacy Act will see all entities governed by the act, and those with annual turnover of more than $3 million subject to mandatory breach notification. Failure to comply could lead to fines of up to $1.8 million for an organisation or $360,000 for an individual.

Collyer noted that while firms in the financial services, retail and health sector have been historical targets, the net for cyber criminals has widened and now includes brokers themselves.

While brokers may be used to selling cyber cover to clients, it is now becoming paramount that they have adequate cover themselves.

“Brokers not only hold a lot of client data, they are reliant on their computer network to renew policies, process payments, send out policy documents, not to mention run their admin and finance functions,” Collyer continued.